Hide URL

[PaulFOz]

Hi,

I would like to use PHP to hide the exact URL of a download from my site. How would I go about doing this?

Cheers in advance for your suggestions.

[Jocka]

The best way is by saving the information in the database with ID's or some identifier.

Then create download.php with something like this:
[code]
$id = $_GET['id'];

$query = mysql_query("SELECT * FORM table WHERE id='" . $id . "'");
$row = mysql_fetch_array($query);

// LETS ASSUME THE FILE NAME FIELD IS file_name
header("Location: download/directory/".$row['file_name']);[/code]

[CheesierAngel]

create a script inbetween your link-button (or form) and your actual script.

Linkspage:
[code]
<form action="links.php" method="post">
  <input type="hidden" name="cmd" value="link1">
<input type="submit" value="GoToThisLink">
</form>
[/code]

Your script inbetween:
<?php
if($_POST['cmd'] == "link1") {
  header(Location: http://www.blahblah.com");
}
?>

[PaulFOz]

Cheesier...

I tried your code and got:
Parse error: parse error, unexpected ':' in /home/nas01l/c/coolgorilla.com/user/htdocs/links.php on line 11

I'm testing it by just linking to an image from the site so the code is:

<?php
if($_POST['cmd'] == "link1") {
  header(Location: http://www.coolgorilla.com/images/banner.png");
}
?>


Any help please?

[CheesierAngel]

There is missing a " at the begining of the header() function.
It should be:
[code]
<?php
<?php
if($_POST['cmd'] == "link1") {
  header("Location: http://www.coolgorilla.com/images/banner.png");
}
?>
[/code]

[PaulFOz]

Cheesier,

Now i get:

Warning: Cannot modify header information - headers already sent by (output started at /home/c/coolgorilla.com/user/htdocs/links.php:9) in /home/c/coolgorilla.com/user/htdocs/links.php on line 11

I've found something that displays a link to a zip file like this this:

<a href="/linkguarddemo.php/download.zip?linkguardauth=ZG93bmxvYWQuemlwLDExNjQ4OTI0MzksODAuNC4yMjQuOCwzLDEsZTBhZjM0NTI2ZDcwMDE4NzUwZjRlYzY5NWExNTI4NGY%3D">Download Test Link Here</a>

Any help?

[Jocka]

thats encoded. You can create an encode for yourself if you like but that may be a little more advanced and out of your way at the moment.

The only reason you should get the error headers already sent is if you print something to the page.. are you echoing anything prior to the redirection? or are you using ONLY the code he gave you?

[PaulFOz]

I'm using only the code he sent... I'm up for the encryption side of things if you can point me in the right direction.

[Jocka]

well he had two php starts in the code i just saw so try it again with:

<?php
if($_POST['cmd'] == "link1") {
  header("Location: http://www.coolgorilla.com/images/banner.png");
}
?>

And encryption can be easy or hard but you need 2 way encryption and to keep people from being able to decrypt it (or most people) you need your own encryption method. it can be as simple as stripping the http:// section and replacing a few letters of the alpha bet (and periods, dont' forget to replace the period). Usually it's not that hard to create a simple encryption by just replacing letters though. Look into preg_replace and read up on arrays and thats all you'll really need.

[CheesierAngel]

Show me the code you are using now ...

(put it between the code tags [ code ][ /code ], without the spaces)

[PaulFOz]

On the first page it's:
[code]
<html>
<head>
<title>blah</title>
</head>
<body>



<form action="links.php" method="post">
  <input type="hidden" name="cmd" value="link1">
<input type="submit" value="GoToThisLink">
</form>


</body>
</html>
[/code]

and on 'links.php' it's:

[code]
<html>
<head>
<title>blah</title>
</head>
<body>



<?php
if($_POST['cmd'] == "link1") {
  header("Location: http://www.coolgorilla.com/images/banner.png");
}
?>


</body>
</html>
[/code]

The final project it obviously won't be a graphic... it's an .exe file.

Cheers

[CheesierAngel]

You shouldn't write on the links.php page the <html> tags.

The links.php should look like this (nothing more, nothing less):
[code]
<?php
if($_POST['cmd'] == "link1") {
  header("Location: http://www.coolgorilla.com/images/banner.png");
}
?>
[/code]

Modification:

This because the user accessing this page will never see this page...
PHP gave you the error because you wanted to write/transmit some header information to the user.
[code]
<html>
<head>  <!-- And here is your header output to the user -->
  ....
</head>
<body> <!-- Here is some information you are transmitting to the user -->
  <?php
    if(...) {
      /*
        * Sending again some header information after the headers where already send by the html header tag
        * and after you already transfered some content to the user by the <body> tags.
      */
      header(...);  // Nothing may be outputted already to the user when using this function !!!
    }
  ?>
  </body>
</html>
[/code]

[PaulFOz]

Ok... got it working.. silly me.

But in IE it quickly displays the URL next to the progress bar. Any fix for that?

[CheesierAngel]

That would be javascript that manipulates the statusbar message.
??? But don't know it is even possible in combination with the PHP header() function

[PaulFOz]

What about for a simple workaround place the file in a folder with a REALLY long name that can't display in the status bar? Ugly but effective.

So using your method cheesier do you think that it woul be 'impossible' for someone to locate the true URL? If so how?

Cheers

[taith]

hows this for a suggestion...

[code]
switch($_GET[op]){
default: require_once('main.php'); break;
case "x": require_once('x.php'); break;
}
[/code]

then just use <a href=".?op=x"></a>
and hence, no address bar except domain and the ?op=*

[Daniel0]

None of the above snippets will hide any URL at all. This will however:

[code]<?php
$downloads_path = "/var/www/downloads/";

$file = $downloads_path.$filename;

if(preg_match('/(\.\.\/)/',$_GET['file']))
{
die("Access denied!");
}

if(!file_exists($file) || !is_readable($file) || !is_file($file))
{
die("Error: The file do not exist, is not a file or is not readable!");
}

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: application/force-download");
header("Content-Disposition: attachment; filename=".basename($file));
header("Content-Description: File Transfer");
header("Accept-Ranges: bytes");
header("Content-Length: ".filesize($file));

@readfile($file);
?>[/code]

Edit: I'm not sure if the filename check (the preg_match) is perfectly safe.

[The Little Guy]

I would a use an .htaccess file to do this, and a database.

The .htacess file would redirect to a page, which would call the row from the database, which would then display a download screen with the proper download.

The database would have two columns, one for the download file name, and one for a unique number that corresponds to the file name.

So you would then search the database for the number say it is "111111" and the corresponding file is "file.zip" and then you would use an include "/path/to/file/file.zip";

And in the address bar it should say http://mysite.com/download_page/111111